CVE-2025-54518 PUBLISHED

Assigner: AMD
Reserved: 23.07.2025 Published: 15.05.2026 Updated: 15.05.2026

Improper isolation of shared resources within the CPU operation cache on Zen 2-based products could allow an attacker to corrupt instructions executed at a different privilege level, potentially resulting in privilege escalation.

Metrics

CVSS 4.0

CVSS Vector: CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
CVSS Score: 7.3

Exploitability Metrics		Vulnerable System Impact Metrics		Subsequent System Impact Metrics
Attack Vector	Local	Confidentiality	High	Confidentiality	None
Attack Complexity	High	Integrity	High	Integrity	None
Attack Requirements	None	Availability	High	Availability	None
Privileges Required	Low
User Interaction	None

CVSS 4.0

Product Status

Vendor	AMD
Product	AMD EPYC™ 7002 Series Processors
Versions	Default: affected Version os kernel is unaffected

Vendor	AMD
Product	AMD Ryzen™ 4000 Series Mobile Processors with Radeon™ Graphics
Versions	Default: affected Version RenoirPI-FP6_1.0.0.Ed is unaffected

Vendor	AMD
Product	AMD Ryzen™ 7020 Series Processors with Radeon™ Graphics
Versions	Default: affected Version MendocinoPI-FT6_1.0.0.7f is unaffected

Vendor	AMD
Product	AMD Ryzen™ 3000 Series Desktop Processors
Versions	Default: affected Version ComboAM4v2 1.2.0.10 is unaffected

Vendor	AMD
Product	AMD Ryzen™ Threadripper™ PRO 3000 WX-Series Processors
Versions	Default: affected Version ChagallWSPI-sWRX8-1.0.0.D is unaffected

Vendor	AMD
Product	AMD Ryzen™ 7030 Series Mobile Processors with Radeon™ Graphics
Versions	Default: affected Version CezannePI-FP6_1.0.1.1d is unaffected

Vendor	AMD
Product	AMD Ryzen™ Threadripper™ PRO 3000 WX-Series Processors
Versions	Default: affected Version CastlePeakWSPI-sWRX8 1.0.0.I is unaffected

Vendor	AMD
Product	AMD Ryzen™ 5000 Series Mobile Processors with Radeon™ Graphics
Versions	Default: affected Version CezannePI-FP6_1.0.1.1d is unaffected

Vendor	AMD
Product	AMD Ryzen™ 5000 Series Mobile Processors with Radeon™ Graphics
Versions	Default: affected Version CezannePI-FP6_1.0.1.1d is unaffected

Vendor	AMD
Product	AMD Ryzen™ 4000 Series Desktop Processors
Versions	Default: affected Version ComboAM4v2 1.2.0.10 is unaffected

Vendor	AMD
Product	AMD Ryzen™ 5000 Series Desktop Processors with Radeon™ Graphics
Versions	Default: affected Version ComboAM4v2 1.2.0.10 is unaffected

Vendor	AMD
Product	AMD Ryzen™ 3000 Series Desktop Processors
Versions	Default: affected Version ComboAM4PI 1.0.0.10 is unaffected

Vendor	AMD
Product	AMD EPYC™ Embedded 7002 Series Processors
Versions	Default: affected Version OS kernel is unaffected

Vendor	AMD
Product	AMD Ryzen Embedded V2000A Series Processors
Versions	Default: affected Version EmbeddedV2KAPI-FP6 1.0.0.A is unaffected

Vendor	AMD
Product	AMD Ryzen™ Embedded V2000 Series Processors
Versions	Default: affected Version EmbeddedPI-FP6_1.0.0.D is unaffected

References

https://www.amd.com/en/resources/product-security/bulletin/AMD-SB-7052.html

Problem Types

CWE-1189 Improper Isolation of Shared Resources on System-on-a-Chip (SoC) CWE